CVE-2025-27070

Q: What is the severity of CVE-2025-27070?

CVE-2025-27070 has a CVSS score of 7.8 (HIGH). This CVE describes a memory corruption vulnerability in Qualcomm's encryption/decryption command processing. Attackers could exploit this to execute arbitrary code or cause denial of service. Affects systems using vulnerable Qualcomm components.

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm's encryption/decryption command processing. Attackers could exploit this to execute arbitrary code or cause denial of service. Affects systems using vulnerable Qualcomm components.

💻 Affected Systems

Products:

Qualcomm chipsets with encryption/decryption capabilities

Versions: Specific versions not detailed in reference; check Qualcomm advisory

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems where encryption/decryption commands are processed by vulnerable Qualcomm hardware/firmware

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation

🟠

Likely Case

System crashes, denial of service, or limited information disclosure from memory corruption

🟢

If Mitigated

Contained impact within sandboxed environments or prevented by memory protection mechanisms

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to send encryption/decryption commands to vulnerable component

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm November 2025 security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Obtain firmware/software updates from device manufacturer. 3. Apply updates following manufacturer instructions. 4. Reboot system.

🔧 Temporary Workarounds

Disable vulnerable encryption features

all

If possible, disable hardware-accelerated encryption/decryption features that use the vulnerable component

Network segmentation

all

Restrict access to systems using vulnerable Qualcomm components

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized encryption/decryption command execution
Monitor systems for abnormal encryption-related activity or crashes

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Qualcomm chipset model and compare against Qualcomm advisory

Check Version:

Device-specific commands vary; check manufacturer documentation for version checking

Verify Fix Applied:

Verify firmware/software version matches patched version in manufacturer updates

📡 Detection & Monitoring

Log Indicators:

Unexpected system crashes
Encryption/decryption operation failures
Memory corruption errors in system logs

Network Indicators:

Unusual encryption-related network traffic to affected systems

SIEM Query:

Search for: (event_category:crash OR error) AND (process_name contains 'crypto' OR 'encrypt' OR 'decrypt')

📊 Metadata

CVE ID: CVE-2025-27070

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.01% exploit probability (1.1th percentile)

Published: November 4, 2025

Last Updated: November 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs615 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8300 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qcs9100 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qmp1000 Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm